Skip to content

Commit

Permalink
Merge pull request ipfs/kubo#5893 from ipfs/fix/gateway-headers
Browse files Browse the repository at this point in the history
gateway: fix CORs headers

This commit was moved from ipfs/kubo@42a15ba
  • Loading branch information
Stebalien authored Jan 8, 2019
2 parents c87e15b + f23457c commit 268423b
Show file tree
Hide file tree
Showing 3 changed files with 65 additions and 16 deletions.
10 changes: 8 additions & 2 deletions gateway/core/corehttp/commands.go
Original file line number Diff line number Diff line change
Expand Up @@ -67,12 +67,18 @@ func addHeadersFromConfig(c *cmdsHttp.ServerConfig, nc *config.Config) {
}
}

c.Headers = make(map[string][]string, len(nc.API.HTTPHeaders))
c.Headers = make(map[string][]string, len(nc.API.HTTPHeaders)+1)

// Copy these because the config is shared and this function is called
// in multiple places concurrently. Updating these in-place *is* racy.
for h, v := range nc.API.HTTPHeaders {
c.Headers[h] = v
h = http.CanonicalHeaderKey(h)
switch h {
case cmdsHttp.ACAOrigin, cmdsHttp.ACAMethods, cmdsHttp.ACACredentials:
// these are handled by the CORs library.
default:
c.Headers[h] = v
}
}
c.Headers["Server"] = []string{"go-ipfs/" + version.CurrentVersionNumber}
}
Expand Down
58 changes: 57 additions & 1 deletion gateway/core/corehttp/gateway.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"fmt"
"net"
"net/http"
"sort"

version "github.com/ipfs/go-ipfs"
core "github.com/ipfs/go-ipfs/core"
Expand All @@ -19,6 +20,26 @@ type GatewayConfig struct {
PathPrefixes []string
}

// A helper function to clean up a set of headers:
// 1. Canonicalizes.
// 2. Deduplicates.
// 3. Sorts.
func cleanHeaderSet(headers []string) []string {
// Deduplicate and canonicalize.
m := make(map[string]struct{}, len(headers))
for _, h := range headers {
m[http.CanonicalHeaderKey(h)] = struct{}{}
}
result := make([]string, 0, len(m))
for k := range m {
result = append(result, k)
}

// Sort
sort.Strings(result)
return result
}

func GatewayOption(writable bool, paths ...string) ServeOption {
return func(n *core.IpfsNode, _ net.Listener, mux *http.ServeMux) (*http.ServeMux, error) {
cfg, err := n.Repo.Config()
Expand All @@ -31,8 +52,43 @@ func GatewayOption(writable bool, paths ...string) ServeOption {
return nil, err
}

headers := make(map[string][]string, len(cfg.Gateway.HTTPHeaders))
for h, v := range cfg.Gateway.HTTPHeaders {
headers[http.CanonicalHeaderKey(h)] = v
}

// Hard-coded headers.
const ACAHeadersName = "Access-Control-Allow-Headers"
const ACEHeadersName = "Access-Control-Expose-Headers"
const ACAOriginName = "Access-Control-Allow-Origin"
const ACAMethodsName = "Access-Control-Allow-Methods"

if _, ok := headers[ACAOriginName]; !ok {
// Default to *all*
headers[ACAOriginName] = []string{"*"}
}
if _, ok := headers[ACAMethodsName]; !ok {
// Default to GET
headers[ACAMethodsName] = []string{"GET"}
}

headers[ACAHeadersName] = cleanHeaderSet(
append([]string{
"Content-Type",
"User-Agent",
"Range",
"X-Requested-With",
}, headers[ACAHeadersName]...))

headers[ACEHeadersName] = cleanHeaderSet(
append([]string{
"Content-Range",
"X-Chunked-Output",
"X-Stream-Output",
}, headers[ACEHeadersName]...))

gateway := newGatewayHandler(n, GatewayConfig{
Headers: cfg.Gateway.HTTPHeaders,
Headers: headers,
Writable: writable,
PathPrefixes: cfg.Gateway.PathPrefixes,
}, api)
Expand Down
13 changes: 0 additions & 13 deletions gateway/core/corehttp/gateway_handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -182,19 +182,6 @@ func (i *gatewayHandler) getOrHeadHandler(ctx context.Context, w http.ResponseWr
w.Header().Set("X-IPFS-Path", urlPath)
w.Header().Set("Etag", etag)

// set 'allowed' headers
// & expose those headers
var allowedHeadersArr = []string{
"Content-Range",
"X-Chunked-Output",
"X-Stream-Output",
}

var allowedHeaders = strings.Join(allowedHeadersArr, ", ")

w.Header().Set("Access-Control-Allow-Headers", allowedHeaders)
w.Header().Set("Access-Control-Expose-Headers", allowedHeaders)

// Suborigin header, sandboxes apps from each other in the browser (even
// though they are served from the same gateway domain).
//
Expand Down

0 comments on commit 268423b

Please sign in to comment.